Threat report for 2018-09-19

DATA BREACH

1. Survey: Nearly one-third of breached companies reported job losses after data breach
2. Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
3. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
4. Magecart claims another victim in Newegg merchant data theft
5. Here we Mongo again! Millions of records exposed by insecure database
6. How Facebook wants to protect political campaigners from hacking
7. Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
8. State Department reveals data breach, employee information exposed
9. Vulnerabilities Discovered in NUUO Network Video Recorder
10. Veeam gets hacked: Data management enterprise exposes database with more than 400 million emails
11. New ransomware campaign encrypts files even if the ransom is paid

DENIAL-OF-SERVICE

1. A Hybrid Solution to Taming SOC Alert Overload
2. The makers of the Mirai IoT-hijacking botnet are sentenced
3. Mirai botnet authors avoid prison after "substantial assistance" to the FBI
4. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
5. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

MALVERTISING

1. Nothing to report

DATA LEAK

1. Nothing to report

PHISHING

1. Phishing finance apps make way back into Google Play
2. Hackers Constantly Carrying out Password Stealing Attacks Targeting Financial Services Industry
3. FBI: Phishing Attacks Aim to Swap Payroll Information
4. Credential Stuffing Attacks Generate Billions of Login Attempts
5. This Windows file may be secretly hoarding your passwords and emails
6. Your business should be more afraid of phishing than malware

WEB DEFACEMENT

1. Nothing to report

MALWARE

1. VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE
2. WANNAMINE CRYPTOMINER THAT USES ETERNALBLUE STILL ACTIVE
3. Colorado firm claims ransomware attack behind closure
4. Access to over 3,000 backdoored sites sold on Russian hacking forum
5. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
6. Researchers find new financial malware targeting banking customers in Brazil
7. XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
8. The Past, the Present, and the Future of Illicit Cryptomining: Cyber Threat Alliance Publishes Landmark White Paper
9. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
10. Your business should be more afraid of phishing than malware
11. Cyber Threat Alliance Releases Cryptomining Whitepaper
12. Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries
13. New ransomware campaign encrypts files even if the ransom is paid

EXPLOIT

1. Nothing to report

VULNERABILITY

1. Adobe Patches Code Execution, Other Flaws in Acrobat and Reader
2. Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
3. Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
4. ‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage
5. WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
6. Flaw in Western Digital My Cloud exposes the content to hackers
7. Vulnerabilities Discovered in NUUO Network Video Recorder
8. Zero Day vulnerability allows access to CCTV cameras
9. Windows 10 Build 18242 (19H1) Released With Bug Fixes

Region brief for 2018-09-19

ASIA

1. APT10 targets Japanese media company with upgraded UPPERCUT
2. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
3. Zero Day vulnerability allows access to CCTV cameras
4. Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries

OCEANIA

1. Nothing to report

NORTH AMERICA

1. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
2. Magecart strikes again, this time at electronics retailer Newegg
3. Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
4. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

SOUTH AMERICA

1. Researchers find new financial malware targeting banking customers in Brazil

EUROPE

1. Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
2. Access to over 3,000 backdoored sites sold on Russian hacking forum
3. Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
4. Another Victim of the Magecart Assault Emerges: Newegg
5. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer

AFRICA

1. Nothing to report

Sector brief for 2018-09-19

HEALTHCARE

1. Nothing to report

TRANSPORT

1. Nothing to report

BANKING & FINANCE

1. Phishing finance apps make way back into Google Play
2. VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE
3. Magecart strikes again, this time at electronics retailer Newegg
4. Researchers find new financial malware targeting banking customers in Brazil
5. Hackers Constantly Carrying out Password Stealing Attacks Targeting Financial Services Industry
6. Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
7. Another Victim of the Magecart Assault Emerges: Newegg
8. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
9. FBI: Phishing Attacks Aim to Swap Payroll Information
10. Credential Stuffing Attacks Generate Billions of Login Attempts

INFORMATION & TELECOMMUNICATION

1. Nothing to report

FOOD

1. Nothing to report

WATER

1. Nothing to report

ENERGY

1. Nothing to report

PUBLIC SERVICE

1. Nothing to report

Daily brief for 2018-09-19

ASIA

1. APT10 targets Japanese media company with upgraded UPPERCUT
2. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
3. Zero Day vulnerability allows access to CCTV cameras
4. Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries

WORLD

1. Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
2. Access to over 3,000 backdoored sites sold on Russian hacking forum
3. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
4. Magecart strikes again, this time at electronics retailer Newegg
5. Researchers find new financial malware targeting banking customers in Brazil
6. Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
7. Another Victim of the Magecart Assault Emerges: Newegg
8. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
9. Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
10. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail

ATTACKS

1. Phishing finance apps make way back into Google Play
2. Survey: Nearly one-third of breached companies reported job losses after data breach
3. Access to over 3,000 compromised sites sold on Russian black marketplace MagBo
4. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
5. Hackers Constantly Carrying out Password Stealing Attacks Targeting Financial Services Industry
6. A Hybrid Solution to Taming SOC Alert Overload
7. Magecart claims another victim in Newegg merchant data theft
8. The makers of the Mirai IoT-hijacking botnet are sentenced
9. Here we Mongo again! Millions of records exposed by insecure database
10. How Facebook wants to protect political campaigners from hacking
11. FBI: Phishing Attacks Aim to Swap Payroll Information
12. Yahoo settles for $47 million in litigation following data breach of 3 billion accounts
13. Mirai botnet authors avoid prison after "substantial assistance" to the FBI
14. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
15. State Department reveals data breach, employee information exposed
16. Credential Stuffing Attacks Generate Billions of Login Attempts
17. This Windows file may be secretly hoarding your passwords and emails
18. Your business should be more afraid of phishing than malware
19. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
20. Vulnerabilities Discovered in NUUO Network Video Recorder
21. Veeam gets hacked: Data management enterprise exposes database with more than 400 million emails
22. New ransomware campaign encrypts files even if the ransom is paid

THREATS

1. VAI MALANDRA: A LOOK INTO THE LIFECYCLE OF BRAZILIAN FINANCIAL MALWARE
2. WANNAMINE CRYPTOMINER THAT USES ETERNALBLUE STILL ACTIVE
3. Colorado firm claims ransomware attack behind closure
4. Access to over 3,000 backdoored sites sold on Russian hacking forum
5. Adobe Patches Code Execution, Other Flaws in Acrobat and Reader
6. Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
7. NSA Leak Fuels Rise in Hacking for Crypto Mining: Report
8. Researchers find new financial malware targeting banking customers in Brazil
9. XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
10. Rapid7 Threat Intelligence Book Club: ‘Countdown to Zero Day’ Recap
11. The Past, the Present, and the Future of Illicit Cryptomining: Cyber Threat Alliance Publishes Landmark White Paper
12. ‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage
13. WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
14. New Malware Combines Ransomware, Coin Mining and Botnet Features in One
15. Your business should be more afraid of phishing than malware
16. Flaw in Western Digital My Cloud exposes the content to hackers
17. Vulnerabilities Discovered in NUUO Network Video Recorder
18. Cyber Threat Alliance Releases Cryptomining Whitepaper
19. Zero Day vulnerability allows access to CCTV cameras
20. Hackers using Android & iOS Spyware “Pegasus” to Conducting Massive Surveillance Operations in 45 Countries
21. New ransomware campaign encrypts files even if the ransom is paid
22. Windows 10 Build 18242 (19H1) Released With Bug Fixes

CRIME

1. Bug in Bitcoin code also opens smaller cryptocurrencies to attacks
2. Magecart strikes again, this time at electronics retailer Newegg
3. Researchers find new financial malware targeting banking customers in Brazil
4. Newegg Credit Card Info Stolen For a Month by Injected MageCart Script
5. Magecart claims another victim in Newegg merchant data theft
6. XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins
7. The Past, the Present, and the Future of Illicit Cryptomining: Cyber Threat Alliance Publishes Landmark White Paper
8. Another Victim of the Magecart Assault Emerges: Newegg
9. Hackers Steal Customers' Credit Cards From Newegg Electronics Retailer
10. The makers of the Mirai IoT-hijacking botnet are sentenced
11. FBI: Phishing Attacks Aim to Swap Payroll Information
12. WTB: Windows Systems Vulnerable To FragmentSmack, 90s-Like DoS Bug
13. Mirai botnet authors avoid prison after "substantial assistance" to the FBI
14. Mirai Botnet Creators Helping FBI Fight Cybercrime to Stay Out of Jail
15. Cyber Threat Alliance Releases Cryptomining Whitepaper
16. New ransomware campaign encrypts files even if the ransom is paid

POLITICS

1. ‘Peekaboo’ zero-day lets hackers view and alter surveillance camera footage
2. Veeam gets hacked: Data management enterprise exposes database with more than 400 million emails
3. Zero Day vulnerability allows access to CCTV cameras